Forgetting your Windows password is not really something that happens too often, but it can happen. This is especially true if you are administering several computers because people who aren’t very computer savvy tend to think nothing of misplacing or not remembering their login password. Years ago this may have been a serious issue and could have resulted in deleting the account, but these days it’s not too much of a problem.
There are a number of different ways to deal with a forgotten password. You can get around the user account password by using something like Kon-Boot, which is a bootable CD that lets you get into Windows by temporarily entering anything as the password to log on. Or you could try a password cracker program that can hopefully find the original password for you. Ophcrack is one such program we have previously written about that you could try.
Other ways that we’ve talked about include “How to Hack Into a Windows XP Computer Without Changing Password” and “How to Recover Windows Login password within minutes”, which are worth looking at. This article, though, covers another method of getting into Windows without knowing any Windows account password: removing the password completely. This has the advantage of not revealing what the current password is. Instead, it simply deletes it so you can log in without entering any password and then create another personal password once in Windows.
The great thing is, one of the tools that can do this is a free open source utility called Offline Windows Password & Registry Editor. The program is able to reset just about any valid local account on any Windows version from Windows NT 3.5 right up to Windows 7 64-bit, including locked or disabled accounts. The only thing is that the program is completely text based and is not run from Windows, so you need to pay attention to which keys need to be pressed or things could go horribly wrong!
Offline Windows Password & Registry Editor comes as an ISO image that needs to be burned onto a CD, or you can put the ISO onto a USB stick using a utility. Then simply boot from the CD or USB to run the utility. Something I find a bit of a pain is that the default text size and spacing once you’re in the program make it quite hard to read. To get round this, at the initial welcome screen type Boot vga=0 and press Enter. This will maximize the text and spacing throughout the program, making it far easier to read.
You are then ready to go through the process of resetting the password. It’s divided into a series of steps and luckily the defaults are already selected, so many of your key presses will be the Enter key just to confirm the defaults. All the text can look a bit overwhelming, but it’s quite easy to get through it and reset the password. Here’s how:
1. Choose the Windows partition where the reset is to be performed. The program picks the most likely partitions that could contain the correct install. If the correct drive is not recognized, there are options to manually load drivers or load them from a floppy or USB storage device. In the screenshot, partition 1 is obviously the extra 100MB partition created by Windows 7, so I need to type in 2 and press Enter to select the full Windows partition.
2. Unless you have a custom Windows install where your default registry files are not located in Windows/System32/Config, Offline Windows Password and Registry Editor should have automatically identified the correct path. If it didn’t find anything, it’s possible you selected the wrong partition in step 1. If the path is found and looks like the screenshot below, you only need to press Enter.
3. You want to load the SAM system security registry file which is the default option of #1, so simply press Enter.
4. If you’re an advanced user you can also select the text based registry editor to edit registry keys, but it’s not for the novice. The default option of #1 is again what’s required to edit passwords, so simply press Enter.
5. Here you select the user account that needs the password reset. If the selected default in square brackets is the one you want, you can simply press Enter to continue. Alternatively, type the user name (case sensitive) or the RID number preceded by 0x (e.g. 0x01f4).
6. From this screen you can choose to unlock user accounts that have previously been locked and also promote a user account to an administrator account. The option we need is #1 to clear the user password. After you press 1 and Enter you should get a “Password cleared!” message underneath.
7. Now that the password has been blanked, the changes need to be saved back to the registry. To do this type ! (exclamation mark) and press Enter, then type q and press Enter. The screen will confirm the SAM registry hive has changed. All you need to do now is press y and then Enter to write the changes to the registry.
The last step is to simply press Enter and the last screen will tell you it is safe to press Ctrl+Alt+Del to reboot the machine. Make sure to remove the Offline Windows Password & Registry Editor CD or USB so it doesn’t boot again. Now when you boot the machine the password for that user should be gone! I’ve had great success using this tool and it’s given me no problems at all resetting a number of passwords. If you want to use this tool in conjunction with a large number of other useful utilities on 1 CD, the great Hiren’s Boot CD has Offline Windows Password & Registry Editor on its main menu.